ENDE LLC: Formerly known as R3dLabz

“Access denied. Two more attempts remaining”, read the screen. A man looks at the screen with frustration. Furiously, he taps away on the keys. “Authentication Successful. Welcome”. He smiles, takes one last chug of his Monster and looks on in awe as police lights begin flashing outside of his window. Hacking in itself is not a crime. To most it is either a hobby or a profession. There are many different types of hackers, but they all use the same methods to breach a system. Even with cyber-crimes on the rise in the U.S., you are not totally helpless. In the end, you will hopefully understand why I have chosen a career in Penetration Testing.

Types of Hackers

There are three different categories of hackers. Black hats are the most well-known. Also known as crackers, black hats exploit systems for malicious purposes. LulzSec, a group known for hacking several major companies such as Sony while on a blitz that lasted for some time, stole user credentials and personal information for hundreds of thousands of customers, resulting in a multimillion-dollar loss for Sony. This loss was due in part to Sony giving affected users free games and merchandise as some kind of compensation for not only the hack itself, but also for the downtime that affected the PlayStation Network servers (Arthur, 2013).

White hats are your professional hackers. These individuals perform tests known as “penetration tests” designed to discover their clients’ vulnerabilities so that the company can patch them before they are found by the crackers. There are several companies that cater to this specific need and help keep a company safe from outside attacks. It is also federally mandated that any company that holds a customer’s private information within their systems must have an annual penetration test conducted. As a caveat to that, they must also show that they have patched their systems as a result of the findings of these tests.

Gray hats blur the line. They can hack a system for many reasons including curiosity, revenge, or to obtain some type of financial gain. One day they can be helping their friend secure a network, and get caught hacking a corporate network the next. Another type of gray hat usually hacks for less nefarious purposes. George Hotz hacked the Sony PlayStation in order to let ordinary people side-load custom apps that wouldn’t normally run on the platform (Couts, 2011). Although not illegal, it was a breach of Sony’s Terms of Service and led to both a cease-and-desist letter to George, as well as a potential lawsuit. Sony’s “enemy” was later offered a contract with Apple as a developer.

Methodology: How a Hacker Achieves Their Ultimate Goal

Hackers have many methods for exploiting people, PCs and networks. Common attacks include, but are not limited to, social engineering (the exploitation of the human mind), man-in-the-middle attacks, client-side attacks and SQL injection. Some of the most well-publicized attacks, such as website defacements, were due to the powerful effects of SQL injection.

Most people think that all hacking involves some kind of fancy code and keystrokes. This is untrue. Social engineering is a hacker’s favorite method. Social engineering is the exploitation of the human mind. A hacker can pose as a help desk technician in order to gain a user’s credentials. He spoofs his number to appear to be coming from the help desk extension, thus instantly gaining the user’s trust. He says that a problem was reported involving your account and asks you to verify your credentials. Since the call appears to be coming from an internal number, you quickly give him the credentials. Most cyber-attacks have some form of social engineering occur at some point. Other forms of social engineering include shoulder surfing, dumpster diving, piggybacking and phishing.

Man-in-the-middle attacks are far less obvious than social engineering. With MITM attacks, a hacker inserts their PC in between you and your destination. From there they can read your traffic to obtain sensitive information, insert malicious scripts to infect your PC, or hijack your browsing sessions altogether (Kirsch, 2013). Usually, the only indication of this type of attack is a brief interruption of service while the hacker reroutes your traffic.

Client-side attacks require some type of end user interaction. For a CSA to be effective, the attacker must trick the user into running some type of malicious application or script in order to gain access to their system. With the heightened level of security within most modern operating systems, this has become a common method. Applications such as Metasploit can generate these malicious payloads and even encrypt them to bypass most antivirus applications.

SQL injection is a web-based attack. This attack usually involves injecting strings of code into a database or web URL that imitate the actual code the database uses to pass along information. This type of attack results in the victim’s database leaking personal information such as user credentials, email addresses and other sensitive information. SQL injection is also a common method hackers use to deface websites.

Protecting yourself

With all of these different attacks, how do you defend yourself? Antivirus applications are the most common way to stop malicious payloads from entering your system. Some browser applications such as Google Chrome also have built-in security settings that can detect certain types of attacks. The use of firewall applications can stop malicious payloads from communicating with the attackers, as well as stop attackers from enumerating your system. Enumeration is the act of gathering general information about your system that could clue an attacker in to your system’s weaknesses. With all of the different types of protection offered, none can replace basic human awareness (FBI, n.d.). Never click on a link that you don’t know, give personal information to strangers, or surf porn.

Why Did I Choose Penetration Testing?

Penetration testers fall into the White Hat category. They are hired by companies or individuals to test their systems’ vulnerabilities in much the same way a Black Hat would. The biggest difference is that White Hats have permission to do so. I chose this career because I find the way hackers enter a system to be both interesting and an art form. To be a successful penetration tester, you must know how to find a system’s weaknesses and exploit them, have extensive knowledge in network protocols, but most importantly not have a criminal background. You must also know some basic programming or scripting, hold certifications that show you understand the legalities and methodologies of pen testing and be able to “think outside the box”. I will be attacking certifications specific to the job such as the Certified Ethical Hacker and Offensive Security Certified Professional. These certifications will give me knowledge about both the theory involved in ethical hacking, as well as giving me practical experience.

The job itself is not always glamorous. You will perform attacks in much the same ways as typical hackers would (as described in previous statements). While you have permission to attack the systems, you must be very careful to not touch any systems that are outside the scope of the contract. This is not always easy considering a lot of networks and systems are often tied together. Going outside the scope can lead to the loss of the contract, fines or even jail time. For myself, the rewards and the rush outweigh the risks. I have never been so sure about a career in my lifetime!

Conclusion

Cyber-crimes are increasing in both frequency and intensity. Every time you turn on the news you hear a story of another person, country or company falling victim to data breaches. There are many different types of hackers but they all use the same methods to breach a system. With cyber-crimes on the rise in the U.S., you are not totally helpless. You should now have a better understanding of why I have chosen a career in Penetration Testing.

References

Andrew Couts (2011) Digital Trends. In Anyone who visited GeoHot’s PS3 Jailbreak Website is Now Part of Sony Lawsuit. Retrieved July 19, 2014, from http://www.digitaltrends.com/gaming/anyone-who-visited-geohots-ps3-jailbreak-website-is-now-part-of-sony-lawsuit/#!bihYl0

Charles Arthur (2013) The Guardian. In LulzSec: what they did, who they were and how they were caught. Retrieved July 19, 2014, from http://www.theguardian.com/technology/2013/may/16/lulzsec-hacking-fbi-jail